Diffstat (limited to 'daemon/ldap.c')
-rw-r--r--daemon/ldap.c45
1 files changed, 43 insertions, 2 deletions
diff --git a/daemon/ldap.c b/daemon/ldap.c
index 1e03c32..9fda424 100644
--- a/daemon/ldap.c
+++ b/daemon/ldap.c
@@ -230,12 +230,53 @@ static int add_cached_basic(ldap_context_t* ctx, unsigned char* key)
return HA_OK;
}
+#define LDAP_NO_ESCAPE "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-_"
+#define LDAP_HEX "0123456789abcdef"
+
+static const char* escape_ldap(ha_buffer_t* buf, const char* str)
+{
+ const char* t = str;
+ size_t pos;
+
+ ha_bufcpy(buf, "");
+
+ while(*t)
+ {
+ pos = strspn(t, LDAP_NO_ESCAPE);
+
+ if(pos > 0)
+ {
+ ha_bufjoin(buf);
+ ha_bufncpy(buf, t, pos);
+
+ t += pos;
+ }
+
+ while(*t && !strchr(LDAP_NO_ESCAPE, t))
+ {
+ char hex[4];
+ hex[0] = '\\';
+ hex[1] = LDAP_HEX[*t >> 4 & 0xf];
+ hex[2] = LDAP_HEX[*t 0xf];
+ hex[3] = '\0';
+
+ ha_bufjoin(buf);
+ ha_bufcpy(buf, hex);
+
+ t++;
+ }
+ }
+
+ return ha_bufdata(buf);
+}
+
static const char* substitute_params(ldap_context_t* ctx, ha_buffer_t* buf,
const char* user, const char* str)
{
const char* t;
ASSERT(ctx && buf && user && str);
+
/* TODO: We need to be escaping the user and realm properly */
/* This starts a new block to join */
ha_bufcpy(buf, "");
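Review bot: The inner loop in escape_ldap tests `strchr(LDAP_NO_ESCAPE, t)`, passing the pointer itself where the character `*t` is meant, so the search is for whatever the low byte of the address is. When that byte matches a safe character (or is zero) while `*t` is not safe, the inner loop exits without consuming anything, `strspn` returns 0, and the outer loop makes no progress on input that comes from the client; otherwise it over-escapes safe characters. The condition should read `while(*t && !strchr(LDAP_NO_ESCAPE, *t))`. The nibble lookups also index from a plain `char`, so bytes above 0x7f rely on implementation-defined right shift of a negative value; taking `unsigned char c = (unsigned char)*t;` first and using `c >> 4` and `c & 0xf` avoids that (the low-nibble line is rendered here as `*t 0xf`, presumably with its `&` lost in rendering). The `/* TODO: We need to be escaping the user and realm properly */` comment in substitute_params, whose body continues past this hunk, is stale once this commit lands and should be dropped or replaced with a note on what escape_ldap covers.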
@@ -259,13 +300,13 @@ static const char* substitute_params(ldap_context_t* ctx, ha_buffer_t* buf,
{
case 'u':
ha_bufjoin(buf);
- ha_bufcpy(buf, user);
+ escape_ldap(buf, user);
t++;
break;
case 'r':
ha_bufjoin(buf);
- ha_bufcpy(buf, ctx->opts->realm);
+ escape_ldap(buf, ctx->opts->realm);
t++;
break;